Managing Patient Privacy via Patient Centred Audit


Published on

Linda Fletcher
Auckland District Health Board
(P10, 16/10/08, Privacy stream, 3.50pm)

Published in: Health & Medicine, Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • * *
  • Managing Patient Privacy via Patient Centred Audit

    1. 1. HINZ Rotorua, New Zealand October 2008 Managing Patient Privacy via Patient Centred Audit
    2. 2. Background Information <ul><li>Historically </li></ul><ul><li>Paper records, securely stored </li></ul><ul><li>Made available to support the patient care process </li></ul><ul><li>Access for other purposes managed via strict controls </li></ul><ul><li>Unauthorised access largely prevented </li></ul><ul><li>Access requests by other healthcare providers managed via transfer of the paper record </li></ul>
    3. 3. Background Information <ul><li>Today </li></ul><ul><li>Records available on-line via various clinical IT systems </li></ul><ul><li>Varying degrees of security-related functionality </li></ul><ul><li>Changing user expectations re shared regional access </li></ul><ul><li>Benefits of shared regional access are significant, however patient privacy must not be compromised </li></ul>
    4. 4. Background Information <ul><li>Auckland Regional Privacy </li></ul><ul><li>Advisory Group </li></ul><ul><li>Formed in September 2005 </li></ul><ul><li>ADHB, CMDHB and WDHB </li></ul><ul><li>To assist the RISSP Governance Group to address privacy issues arising out of regional information sharing projects </li></ul><ul><li>Developed the Regional Health Information Sharing Guideline </li></ul>
    5. 5. Background Information <ul><li>Auckland Regional Health </li></ul><ul><li>Information Sharing Guideline </li></ul><ul><li>Advocates a robust and consistent approach to maintain the trust and confidence of all stakeholders, and to ensure that information is properly valued, respected and protected </li></ul><ul><li>Promotes an environment where relevant information can flow efficiently and safely to treating healthcare professionals </li></ul><ul><li>Intended to enable shared regional on-line access to patient information </li></ul>
    6. 6. Background Information <ul><li>How We Manage Privacy, Security </li></ul><ul><li>and Access </li></ul><ul><li>DHB Policy </li></ul><ul><li>Staff Confidentiality Agreements </li></ul><ul><li>System Functionality </li></ul><ul><li>Retrospective Audit </li></ul><ul><ul><li>all users every year </li></ul></ul><ul><ul><li>high profile patients </li></ul></ul><ul><ul><li>designated records </li></ul></ul><ul><ul><li>same name matching </li></ul></ul><ul><ul><li>ad hoc </li></ul></ul><ul><li>Standardised HR Processes </li></ul>
    7. 7. Retrospective Audit <ul><li>Limitations of Audit </li></ul><ul><li>Requires an ability to determine the validity of access by a particular user, to a particular patient’s record, at a particular time </li></ul><ul><li>Resource-intensive </li></ul><ul><li>Increasing in complexity with growing number of healthcare providers outside the auditing agency </li></ul>
    8. 8. Involving the Patient <ul><li>What Role can the Patient Play? </li></ul><ul><li>The Auckland RISSP includes the goal of involving patients in their healthcare </li></ul><ul><li>Patient involvement empowers individuals </li></ul><ul><li>In terms of privacy, it is the patient’s interests that are primarily at stake </li></ul><ul><li>In terms of audit, the patient is arguably in the best position to know if access to their record is appropriate </li></ul>
    9. 9. Involving the Patient <ul><li>Patient Centred Audit </li></ul><ul><li>Patient Centred Audit is proposed, whereby the patent will audit access to their own record </li></ul><ul><li>ADHB Pilot: July – October 2008 </li></ul><ul><li>Participants: voluntary ADHB staff that had had a patient encounter as an inpatient, outpatient or emergency department patient any time from August 2007 onwards </li></ul>
    10. 10. Pilot - Patient Centred Audit <ul><li> Objectives: </li></ul><ul><ul><li>Produce meaningful results to inform the audit programme of work for the future </li></ul></ul><ul><ul><li>Provide insight into the logistics, effort, implications and cost of managing a PCA for the general public </li></ul></ul><ul><ul><li>Raise staff awareness re patient confidentiality & the ADHB audit programme </li></ul></ul>
    11. 11. Pilot - Patient Centred Audit <ul><li>Pilot Stages: </li></ul><ul><ul><li>Invitation to staff </li></ul></ul><ul><ul><li>Receive & review expressions of interest </li></ul></ul><ul><ul><li>Confirm participants </li></ul></ul><ul><ul><li>Conduct Staff Briefing Sessions </li></ul></ul><ul><ul><ul><li>discuss purpose & participant responsibilities </li></ul></ul></ul><ul><ul><ul><li>present & discuss sample Audit Log </li></ul></ul></ul><ul><ul><ul><li>answer questions & provide clarification </li></ul></ul></ul><ul><ul><ul><li>collect Participant Agreement Forms </li></ul></ul></ul><ul><ul><ul><li>distribute Audit Logs </li></ul></ul></ul><ul><ul><li>Conduct concurrent, standard audit </li></ul></ul>
    12. 12. Pilot - Patient Centred Audit <ul><li>Pilot Stages (continued): </li></ul><ul><ul><li>Receive Audit Log feedback </li></ul></ul><ul><ul><ul><li>Appropriate </li></ul></ul></ul><ul><ul><ul><li>Not Appropriate </li></ul></ul></ul><ul><ul><ul><li>Not Sure </li></ul></ul></ul><ul><ul><li>Respond to feedback & initiate investigations if required </li></ul></ul><ul><ul><li>Advise participants re outcome </li></ul></ul><ul><ul><li>Distribute General Feedback Forms </li></ul></ul><ul><ul><li>Receive Feedback </li></ul></ul><ul><ul><li>Collate results </li></ul></ul>
    13. 13. Pilot Participants <ul><li>Participant Profile </li></ul>
    14. 14. The Audit Log
    15. 15. Pilot - Patient Centred Audit <ul><li>Audit Log Transactions </li></ul>
    16. 16. Results <ul><li>Initial Feedback from Participants </li></ul><ul><li>Results of Concurrent Standard Audit </li></ul>
    17. 17. Results <ul><li>Transactions reported by participants as not appropriate or not sure if appropriate </li></ul>
    18. 18. Findings <ul><ul><li>Some transactions that participants report as potentially inappropriate are immediately recognised by the Audit team as appropriate </li></ul></ul><ul><ul><li>When these transactions are removed from the data set, less transactions are referred for investigation than the number referred as a result of routine audit </li></ul></ul><ul><ul><li>Some transactions that participants report as potentially inappropriate were not identified as such via routine audit, and do warrant further investigation, however to date, no occasions of inappropriate access have been confirmed via the PCA methodology </li></ul></ul>
    19. 19. General Feedback <ul><li>Did you find your Audit Log easy to understand? </li></ul><ul><ul><li>16 (84%) - Yes </li></ul></ul><ul><ul><li>3 (16%) - No </li></ul></ul><ul><ul><li>Did you require assistance to </li></ul></ul><ul><ul><li>understand your Audit Log? </li></ul></ul><ul><ul><li>3 (16%) - Yes </li></ul></ul><ul><ul><li>16 (84%) - No </li></ul></ul><ul><ul><li>Do you have suggestions for making the </li></ul></ul><ul><ul><li>Audit Log easier to understand? </li></ul></ul><ul><ul><li>6 (32%) - Yes </li></ul></ul><ul><ul><li>13 (68%) - No </li></ul></ul>
    20. 20. General Feedback <ul><li>Of the staff who viewed your record, did you have a clear understanding of what their job entailed? </li></ul><ul><ul><li>15 (79%) - Yes </li></ul></ul><ul><ul><li>4 (21%) - No </li></ul></ul><ul><ul><li>Do you think Patient Centred Audit should </li></ul></ul><ul><ul><li>be progressed beyond the pilot? </li></ul></ul><ul><ul><li>14 (74%) - Yes </li></ul></ul><ul><ul><li>4 (21%) – No </li></ul></ul><ul><ul><li>1 (5%) - Unsure </li></ul></ul>
    21. 21. General Feedback <ul><li>Would you be happy to receive your Audit Log in the mail at home? </li></ul><ul><ul><li>14 (74%) - Yes </li></ul></ul><ul><ul><li>5 (26%) - No </li></ul></ul><ul><ul><li>If your Audit Log had been sent in the </li></ul></ul><ul><ul><li>mail would it have reached you at the </li></ul></ul><ul><ul><li>address we have in our system? </li></ul></ul><ul><ul><li>16 (84%) - Yes </li></ul></ul><ul><ul><li>1 (5%) – No </li></ul></ul><ul><ul><li>2 (11%) - Unsure </li></ul></ul>
    22. 22. General Feedback <ul><li>If you had a choice would you rather view your Audit Log on-line or in paper form? </li></ul><ul><ul><li>12 (63%) – On-line </li></ul></ul><ul><ul><li>5 (26%) - Paper form </li></ul></ul><ul><ul><li>2 (11%) - No preference </li></ul></ul><ul><ul><li>Do you have access to the internet at </li></ul></ul><ul><ul><li>home? </li></ul></ul><ul><ul><li>16 (84%) - Yes </li></ul></ul><ul><ul><li>3 (16%) – No </li></ul></ul><ul><ul><li>Was the pilot managed in a professional </li></ul></ul><ul><ul><li>manner? </li></ul></ul><ul><ul><li>19 (100%) - Yes </li></ul></ul>
    23. 23. General Feedback <ul><li>Other feedback </li></ul><ul><ul><li>I do not believe that extending the pilot to the general public would be viable. The general public would not understand the information, and would generate a lot of queries. The workload would be a burden for the DHB </li></ul></ul><ul><ul><li>Potential to provide a great opportunity for the public to play an active role, and also for ADHB to promote the integrity of its systems and processes </li></ul></ul>
    24. 24. Audit Team Feedback <ul><li>What worked well </li></ul><ul><ul><li>Participants that attended individual (rather </li></ul></ul><ul><ul><li>than group) Staff Briefing Sessions were less </li></ul></ul><ul><ul><li>likely to phone for assistance, and were more </li></ul></ul><ul><ul><li>likely to submit their feedback on time / without </li></ul></ul><ul><ul><li>follow-up </li></ul></ul><ul><ul><li>What did not work well </li></ul></ul><ul><ul><li>Difficulty contacting participants </li></ul></ul><ul><ul><li>Participants unavailable during Pilot </li></ul></ul><ul><ul><li>Delayed return of Audit Logs & Feedback </li></ul></ul><ul><ul><li>Low number of Feedback Forms received </li></ul></ul>
    25. 25. Key Learnings <ul><li>What We Would do Differently: </li></ul><ul><ul><li>Ask participants to advise re planned leave during Pilot </li></ul></ul><ul><ul><li>Provide Glossary of Terms (Definitions) and FAQs with Audit Logs </li></ul></ul><ul><ul><li>Provide information about the various roles that are likely to have accessed inpatient, outpatient and emergency department records </li></ul></ul>
    26. 26. PCA for the General Public <ul><li>Things to Consider: </li></ul><ul><ul><li>Re-format Audit Log to improve use </li></ul></ul><ul><ul><li>Use simple language, and avoid jargon and abbreviations </li></ul></ul><ul><ul><li>Provide information about the different systems that staff use to access information, and various roles and likely reasons for access to information </li></ul></ul><ul><ul><li>Provide Glossary of Terms and FAQs </li></ul></ul><ul><ul><li>Ensure a robust process for managing feedback re potentially inappropriate access </li></ul></ul><ul><ul><li>Distribute Audit Logs via registered mail if in hard copy, or via secure on-line access </li></ul></ul>
    27. 27. Acknowledgements <ul><li>Special thanks to: </li></ul><ul><li>Patient Centred Audit Advisory Group </li></ul><ul><li>Clinical Workstation Support Team (the Audit Team) </li></ul><ul><li>For more information: </li></ul><ul><li>e-mail: </li></ul>